Описание
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | code not present |
| devel | DNE | |
| eoan | not-affected | code not present |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
4.3 Medium
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3.7.3, where tokens used to fetch inline atachments in email notifications were not disabled when a user's account was no longer active. Note: to access files, a user would need to know the file path, and their token.
A vulnerability was found in Moodle 3.6 before 3.6.7 and 3.7 before 3. ...
Moodle Email media URL tokens were not checking for user status
4.3 Medium
CVSS2
5.3 Medium
CVSS3